GhostDNS: 70+ different types of home routers (100,000+) are being hijacked

by Hilbert Hagedoorn on: 10/02/2018 08:48 AM | source: myce | 16 comment(s)

Over 100K routers from brands like D-Link, MikroTik, TP-Link, Huawei and SpeedTouch are currently hijacked and have had their DNS server setting changed. That way, traffic can be re-routed so that users end up at phishing sites and the like.

While this is not a new methodology, security researchers discovered a large attack running from the 20th of September of this year. Basically, a script executed on a malicious website checks whether your router's port is open, tries to log in to your router (by brute force), and then changes the credentials and the DNS setting. A lot of users keep the default username and password, which makes them extra vulnerable. Once the criminals are able to log in, they change the DNS server address of the router. Currently, the attacks are mainly active in Brazil.

The current attack, discovered by network security lab 360 Netlab, affects more than 70 different routers:

  • 3COM OCR-812
  • AP-ROUTER
  • D-LINK
  • D-LINK DSL-2640T
  • D-LINK DSL-2740R
  • D-LINK DSL-500
  • D-LINK DSL-500G/DSL-502G
  • Huawei SmartAX MT880a
  • Intelbras WRN240-1
  • Kaiomy Router
  • MikroTiK Routers
  • OIWTECH OIW-2415CPE
  • Ralink Routers
  • SpeedStream
  • SpeedTouch
  • Tenda
  • TP-LINK TD-W8901G/TD-W8961ND/TD-8816
  • TP-LINK TD-W8960N
  • TP-LINK TL-WR740N
  • TRIZ TZ5500E/VIKING
  • VIKING/DSLINK 200 U/E

In total, more than 100,000 routers are affected by the attack, the majority of which are located in Brazil. As soon as users browse to specific websites, they are redirected to phishing sites. These include online banking sites but also Netflix and hosting companies.

Once again, make sure your router firmware is up-to-date, disable external WAN access, and change your default password. 



DeskStar
Senior Member



Posts: 1149
Joined: 2011-01-11

#5591140 Posted on: 10/02/2018 12:54 PM
What a day we live in today..... So many hardware/software vulnerabilities out there it's simply amazing anything is up and running ATM. Anything......

Just crazy.....!!

slyphnier
Senior Member



Posts: 813
Joined: 2009-11-30

#5591150 Posted on: 10/02/2018 01:41 PM
What a day we live in today..... So many hardware/software vulnerabilities out there it's simply amazing anything is up and running ATM. Anything......

Just crazy.....!!

Well, ATMs are basically a LAN (enclosed WAN) that only connects to the banking network,
which separates them from the open internet world.
That's why they're not affected much by real-world vulnerabilities... even though they probably share the same vulnerabilities.

Steppzor
Senior Member



Posts: 823
Joined: 2006-02-05

#5591162 Posted on: 10/02/2018 02:16 PM
Think he meant 'At The Moment' xD

Brasky
Senior Member



Posts: 2270
Joined: 2011-05-19

#5591172 Posted on: 10/02/2018 02:58 PM
Think he meant 'At The Moment' xD


Thanks Ron Burgundy! now i know why you're the most trusted name in San Diego!

Mateja
Senior Member



Posts: 101
Joined: 2014-02-01

#5591209 Posted on: 10/02/2018 04:28 PM
and lo ~ I have a router update! thnx for the heads up! (even updated just a month ago).

if anyone needs help do this:

open file explorer (the folder icon on the taskbar)
click "network" on the left
in windows 10, my wifi router appears under "network infrastructure" as "R7000 (Gateway)"
right click that > "view device webpage"
if it's netgear, The user name is admin, and the password is password
you may see a flag to update firmware at the top of that main page, if not,
click "advanced" tab > click "administration" on the left > "router update"
again, you should see update firmware, but if not click "check"
let it take the time to update and reset your router (no internet for a minute while it resets)

as for your cable modem, google your device model number. if it's like mine, it says that firmware updates are pushed by your ISP so no worries there :)

other tips to maximize security:
- there may be an option to auto update on your router page (expect to be kicked offline sometimes but who knows maybe it's smarter and knows your idle time like windows 10 updates now)
- keep windows up to date (type 'check for updates' on windows 10 search bar) > click "check now" if they don't appear already
- keep your pc up to date w/ manufacturer software (for me it's the "Lenovo vantage" windows 10 app. this pc updates its bios etc a lot)
- use a wired connection directly from your cable modem to your newest PC (a new chipset that's designed to not have spectre and meltdown vulnerabilities etc).
